Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say
An anonymous reader tipped us to news that Microsoft researchers have determined that reuse of the same password for low security services is safer than generating a unique password for each service. Quoting El Reg: Redmond researchers Dinei Florencio and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada ... argue that password reuse on low risk websites is necessary in order for users to be able to remember unique and high entropy codes chosen for important sites. Users should therefore slap the same simple passwords across free websites that don't hold important information and save the tough and unique ones for banking websites and other repositories of high-value information. "The rapid decline of [password complexity as recall difficulty] increases suggests that, far from being unallowable, password re-use is a necessary and sensible tool in managing a portfolio," the trio wrote. "Re-use appears unavoidable if [complexity] must remain above some minimum and effort below some maximum."
Not only do they recommend reusing passwords, but reusing bad passwords for low-risk sites to minimize recall difficulty.
Re:Dumb dumb dumb advice... (Score:4, Funny)
Following up on myself: That research paper is awesome! Never before have I seen the use of partial differential equations to justify unequivocal bullshit. Amazing! They must've really worked hard on that.
Re:Dumb dumb dumb advice... (Score:5, Funny)
Never before have I seen the use of partial differential equations to justify unequivocal bullshit.
Haven't read many research papers, have you? ;-)
So complex (Score:4, Funny)
So re-use low complexity passwords for unimportant sites and use high-complexity unique passwords for important sites.
Got it. Low for my bank account, high for World of Warcraft.
I got a foolproof method (Score:2, Funny)
NSA approves of this! (Score:5, Funny)
This article has been approved by the NSA!